Glossary
This glossary defines terms related to Ivanti Endpoint Security. Some terms apply to information technology in general, while others are specific to Ivanti Endpoint Security.
A
AAA Architecture: In client/server networking, an architecture that combines three necessary elements of security, to make them available on one server and able to work with each other in a coordinated manner.
access control list (ACL): A database file that stores information regarding entities that may request access to a network, as well as the rights and privileges to be granted upon request.
accessible endpoints: A feature that associates an individual endpoint with a particular role. This feature allows you to limit a user’s permissions to specific endpoints. For example, you can limit a user with administrative rights to administration of a single endpoint.
accessible endpoint groups: A feature that associates an individual group with a particular role. This feature allows you to limit a user's permissions to specific groups. For example, you can limit a user with administrative rights to administration of a single group.
access rights: System privileges that determine whether or not a user can access an individual feature or page. There is an access right for each system page and function. Access rights for a user are determined by selecting rights for a user role, and then assigning that user role to the applicable user.
accounting: In network security architectures, the function that records what users do once they are granted access to a network. In the case of denied access, it can report how many attempts failed and even details of the attempts.
Active Directory: Microsoft’s trademarked system that centralizes the management of networked resources by making each item on a network, including most applications, objects in a relational database and then enabling the administrator to manage those objects through one management center.
active directory synchronization: The process by which the Application Control module synchronizes with a network active directory. This process crawls targeted active directories for users, user groups, endpoints, endpoint containers, and other data stored in the active directory.
Active Server Page: An HTML page that contains embedded server side scripting that is processed on a Microsoft Web Server before the page is sent to the user.
ActiveX: A technology, built on Microsoft’s Component Object Model (COM), that enables software components, regardless of the language used to create them, to interact with one another in a networked environment.
Active Template Library: A Microsoft program library for use when creating ASP code and other ActiveX program components to run in a browser window.
Address Resolution Protocol: An OSI layer-3 protocol used to find an endpoint’s MAC address using its IP address.
agent: A software routine that resides in background memory on a computer or other device and waits to perform an action when a specified event occurs.
Agent Management Job: Jobs that let you install agents upon endpoints within your network remotely. The first function of this job is to discover the targeted endpoints as in a Discovery Scan Job. The second function of this job is to install agents upon endpoints discovered during the first function. These jobs access the targeted endpoints by providing credentials specified during job configuration.
Agent Policies: The agent rules for communicating with the server. These rules include: communication interval, deployment notification options, discovery agent mode, hours of operation, logging level, and reboot notification options. Agent policies are assigned to groups, but any group that has not been explicitly assigned an agent policy will use the default system policy, as defined within the Ivanti Endpoint Security server.
agent policy conflict resolution: A series of protocols that determine which setting takes priority when a group or endpoint is assigned two or more agent policy sets with policies that conflict.
Agent Policy Sets: The combined selected agent policies as defined by the user. After their definition, these sets are then assigned to groups.
asset: An endpoint, along with all the hardware and software that is installed on that endpoint. Each endpoint, individual hardware device, and individual software application is considered an asset.
authentication: The process of identifying a user, typically through the use of credentials such as a user name and password, as the originator of a message or as the end point of a channel. High level authentication can use such other tokens as the originating IP address, or an encryption key, providing evidence of the authenticity of the request.
Authenticode: A technology based on information technology security industry standards that provides a method for developers to digitally sign their code. When code is signed, the company signing the code takes responsibility for the code and guarantees that the code is safe and free from viruses.
authorization vs. authentication: Whereas authentication is the process of verifying that a user is who they say they are, like having two forms of ID from different places, or dating paint and frame wood to verify authenticity of a painting, authorization is verifying the level of access available to that user, such as aisle and row seating stamped on a concert ticket, or possessing a back-stage pass.
authorization: The process of determining what level of access to grant a user to a system or software application function based upon their log in credentials.
B
browser: Software that allows the user to find, view, hear, and interact with material on a corporate Intranet or the World Wide Web.
C
child hierarchy: The entire group hierarchy below a specific group within the group hierarchy. Child groups have only one parent. Nesting child groups within parent groups creates an inheritance, which lets you apply one agent policy set to a parent and its children.
client: In computer networks, a client is any user, computer, node, server, or system that is requesting files from or access to some other system, regardless of whether it also acts as a server.
code signing: The process of digitally signing programs for verification purposes.
components: The components that form Ivanti Endpoint Security. Components come in two types: platform components and module components. Platform components form a basis for module components to operate. Module components are the individual security solutions used to prevent network security breaches.
Component Object Model (COM): Microsoft’s programming architecture in the Windows family of operating systems that enables software components to communicate between processes and fit easily into object-oriented program design. The family of COM technology includes COM+, Distributed COM (DCOM) and ActiveX.
context: Pertaining to Microsoft Active Directory, context refers to the exact container position in the directory tree, thus allowing for the location of resources in a tree, by use of relative rather than fully qualified identifiers.
Control Panel applet: An application designed to be run within Microsoft Windows Control Panel. Ivanti’s Control Panel applet allows easy interaction with the Ivanti Endpoint Security agent.
Coordinated Universal Time (UTC): An international standard that allows for synchronization of events across many geographic zones. On an Ivanti Endpoint Security server, UTC might be chosen instead of local time if a scheduled event is desired to run at the same time at all sites, dependent also upon deployment constraints.
credentials: An object or objects presented along with a request for admission to a network or server that is used to validate the authorization of the presenter. Usually a credential is a combined user name and password, but it can also consist of an IP address, MAC address, or an encryption key to verify that the request comes from an authorized location.
cross-platform: Portable or applicable to more than one operating system.
D
decryption: The process of converting ciphered text back to plain text after it travels across a public access medium. A previously determined key is used once the text arrives at its destination to convert the ciphered message back to clear text.
decryption key: A string of seemingly random bits of data used with cryptographic algorithms to create or verify digital signatures and unscramble cipher text back to its original clear text. Keys can be public or private and keeping at least one key private provides high security. Keys at least 128 bits long are considered more secure by modern standards, as many shorter ones have been cracked by modern computing technology.
discovery methods: The methods used to designate targets (endpoints and devices) during discovery scan jobs. Endpoints and devices can be discovered using a single IP address, an IP address range, a single computer name, network neighborhood, or active directory.
discovery options: A series of queries and scans that collect information about targets defined for detection during discovery scan jobs. These options (which include Verify with PING, ICMP Discovery, Port Scan Discovery, SNMP Discovery, Windows Version Discovery, Resolve DNS Names, Resolve MAC Addresses, and Resolve NetBIOS Names) identify whether an endpoint is present, and, if one is, what its address and operating system information are.
Discovery Scan Job: A network-based scan run from the Ivanti Endpoint Security server that discovers assets in your network (endpoints, routers, switches, printers, and so on) by using user-specified IP addresses or asset names and/or domains. These jobs also discover additional information about assets (operating system, address information, and so on) through port scans, information queries, and address mask requests.
Distributed Component Object Model (DCOM): An extension of the Component Object Model (COM) that extends COM’s capabilities across network boundaries, allowing objects to communicate across a network. COM, unlike DCOM, is designed for inter-process communication on the same node or computer.
domain: On a local or wide area network, a domain is a set of network resources and services available to a group of users. Domains act as containers that can be identified by a name and address, which can then provide authorized users access to any elements they contain. Domains can also share resources with each other as trust is extended by administrators to those other domains.
Domain Name System (DNS): The system used to name computers and especially servers for easier location. A domain name is a meaningful and human-readable name associated with an IP address. Domain names most often take on the format of domainname.com and the most common ones are associated with WWW locations.
Dynamic Host Configuration Protocol (DHCP): A protocol that lets network administrators centrally manage and automate the assignment of IP addresses in an organization’s network by establishing a range of IP addresses to be assigned automatically and indexed. Without DHCP, managers would have to manually assign and keep track of each host IP address on the network.
dynamic-link library file (DLL file): A file that has linked and compiled one or more functions used by a separate process, which can be loaded into the memory space of that process when the program is started or running.
E
encryption: The process of converting clear, readable text to ciphered text before it travels on network media, so that it can only be read or understood by a recipient with the proper decryption key. Some of the most secure encryption methods include RSA, AES, IKE, MD5, SSL, and SHA-1.
encryption key: A string of ciphered bits used with cryptographic algorithms to create or verify digital signatures and scramble clear text to protect it from being intercepted and read while traveling across public networking media. Keys can be public or private, and keeping at least one key private provides high security. Keys at least 128 bits long are considered more secure by modern standards, as many shorter ones have been compromised by modern computing technology.
Endpoint: In a client/server network architecture, an endpoint is any node that is a destination of two-way communication, whether requesting or responding. Additionally, in regard to Ivanti Endpoint Security, the term endpoint is synonymous with any computer in your network that can have an agent installed.
F
File Transfer Protocol (FTP): A protocol that uses simple, clear text. Thus, it is a non-secure protocol used to exchange files between computers on a network or the internet.
firewall: A firewall is a set of related programs located at a network gateway server that protects the resources of a private network from unauthorized access.
fully qualified domain name (FQDN): The domain name is a unique identifier for any resource located within a domain or network. A FQDN is the full name of any network entity starting with its hostname and ending with the exact domain name in which it resides. Example: johnq.accounting.acme.com
G
Global Subscription Service (GSS): The central repository where security content is stored for retrieval by the Ivanti Endpoint Security server. The GSS also serves as the Ivanti Endpoint Security licensing server.
globally unique identifier (GUID): A 128-bit number generated by Windows operating systems or one of its applications, which is assigned to any object in a two-way communication, be it user, application, or component. The algorithm used to generate GUIDs combines a few unique settings, such as IP Address, MAC Address, and clock date and time to create an even more unique identifier.
Group: A targeted collection of computers created and named for the purpose of deploying distribution packages, defining agent policies, setting Mandatory Baselines, or reporting. Groups provide a simple way to manage computers that have similar requirements rather than managing each computer separately.
H
hostname: The name given to identify each node of a network. The hostname usually describes either the user that operates the node, its position in a building, or its function. Hostname is intended to be more human friendly than numeric IP Addresses.
HTML: The accepted publishing language of the World Wide Web. It is a universally accepted standard for displaying links, images, and text in a format that computers around the world can read. There are currently many advantages in HTML that allow for an increasing number of different types of objects to be added to and displayed in a browser page.
HTTP: The set of rules for exchanging files (text, graphic images, sound, video, and other multimedia files) on the World Wide Web.
HTTPS: A Web protocol built into most browsers that encrypts and decrypts user page requests as well as the pages that are returned via HTTP over SSL by the Web server.
hyperlink: Generally a different color from the surrounding text, a hyperlink is a coded reference to another location in the document, or to a URL or network address, usually written in a form of HTML code or JAVA, and is most prevalent on Web pages.
I
Internet Assigned Numbers Authority (IANA): An administrative organization that assigns internet host addresses and other numeric constants used in Internet protocols.
IP (Internet Protocol): The best known and main protocol in a suite of protocols known as TCP/IP that carry all traffic on the internet currently. IP is a connectionless protocol, meaning it does not wait for confirmation that it was received before sending the next packet. It is designed for long distance carriage of packets of data, as was originally the plan with Arpanet, which later became the internet.
IP address: The 32-bit (4 dotted divisions of eight binary digits) numeric identifier for any device on a network that distinguishes it from other devices and allows for routers and switches to group devices and their communication packets. The 32-bit dotted format is soon to be replaced by IPv6, which will expand the number of available IP addresses to keep pace with the enormous growth of the internet in recent years. Example: IP address 192.168.0.1 would be read by a router as 11000000.10101000.00000000.00000001.
J
JAVA: A programming language invented by Sun Microsystems. It can be used as a general purpose application programming language with built-in networking libraries. It can also be used to write small applications called applets.
JAVA Runtime Environment (JRE): Created by Sun Microsystems, it is the core set of files necessary to execute JAVA written programs in any OS environment. JAVA is used because it is cross-platform, which is increasingly necessary in the current Web-based world.
L
library: A collection of precompiled routines, sometimes called modules, that are stored in object format for reuse by a program.
Lightweight Directory Access Protocol (LDAP): A software protocol that enables the use of Directory Services to locate organizations, individuals, and other resources such as files and devices in a network, whether on the Internet or on a corporate intranet.
localhost: The default name describing the computer address also known as the loopback address of the computer. On Web servers, this loopback can be used to test the default Web page. To access this page, type http://127.0.0.1 or http://localhost.
localprofile.txt: An XML file found in %Installation Directory%\HEAT Software\EMSSAgent\live\patch\. This file is maintained by the Ivanti Endpoint Security agent and contains information on the computer’s name, services, software, hardware, operating system, and support pack level. The refresh inventory data system task uses the information in this file to populate computer inventory data on the Ivanti Endpoint Security server.
Ivanti Content Wizard: Ivanti Content Wizard (HCW). An addition to Ivanti Endpoint Security that provides the ability to define custom detection reports, deployment packages, signatures, and fingerprints. It has an easy-to-use graphical interface that illustrates all associated sub-components of the patch in a single view.
Ivanti Endpoint Security: An application that serves as a platform for other applications that protect your network from security risks. These applications, called modules, use different approaches to protect your endpoint. Ivanti Endpoint Security is composed of a server component and an agent component. The server component is installed on a server within your network. The agent component is installed on network endpoints you want to protect from security risks. Ivanti Endpoint Security is accessed via a Web UI.
Ivanti Endpoint Security administrator: Any user who is assigned any of the access rights that control the functionality of the Ivanti Endpoint Security server or its deployments is considered an Ivanti Endpoint Security administrator.
Ivanti Endpoint Security Agent: The Ivanti Endpoint Security agent is a service that runs on each node and queries the Ivanti Endpoint Security server to receive any deployments that become ready. The behavior of the agent is defined by the agent’s policies, whether it is using the default agent policies of the Ivanti Endpoint Security server or the group’s agent policies.
Ivanti Endpoint Security Server: The central system in Ivanti Endpoint Security that manages content retrieval, vulnerability detection, and package deployment to all registered computers on the network. As a sophisticated, automated central repository of the most current security content available for a network, it maintains communication with the Ivanti Endpoint Security agent on nodes, across many key networking platforms, on the network, and detects any vulnerabilities with the help of the agent on each node.
Ivanti Endpoint Security user: Any user who has access to authenticate in to the Ivanti Endpoint Security server is considered an Ivanti Endpoint Security user.
M
MAC address: A 12-digit hexadecimal address that is burned into network cards and networking devices to allow for unique reference.
macro: Within Ivanti Endpoint Security, a macro is an environment variable that represents a filename, directory path, or a series of commands, actions, or keystrokes that can only be executed by the Ivanti Endpoint Security agent.
Microsoft SQL Desktop Edition (MSDE): An enabling technology that provides local data storage and is completely compatible with the SQL Server version 7.0 code base. This technology transforms Microsoft Access from a simple file-server database application into an extremely powerful and highly scalable client-server solution for any size organization.
Module Components: Individual security solutions used to prevent various types of security breaches within your network. Each module plugs in to the Ivanti Endpoint Security platform and can be purchased individually. Some module components come installed with the Ivanti Endpoint Security platform and require no additional licensing.
Module Sub Components: The two parts that form a module component. Each module component consists of a server sub-component and an endpoint sub-component. These sub-components work together to form a module's functionality.
MSI installer: Designed for Windows networks that use the Windows software installer mechanism. The MSI installer can be edited to include the Ivanti Endpoint Security server name and serial number. In this way, the agent can be deployed through the use of group policy agents.
N
NetWare: Networking OS that has played a major role in the development of Local Area Networking over the past few decades, being an early Network OS to use the Directory Services concept.
Novell Directory Services (NDS): The relational database that contains all the resources on a Novell network, and provides security, and access for all resources.
O
Open Software Description (OSD): Creates a standard way to describe software components, their versions, underlying structure and relationships to other components. OSD is the standard language used when performing automatic software distributions and updates over the Internet.
Operating System Pack (OSP): Contains all vulnerability detection information needed by an agent for a given operating system. It is generated by the DS and is passed to the agent during the DAU task. When a vulnerability replication executes, it checks to see if any operating systems received new data and it will automatically schedule the DS to regenerate the OS Packs for those operating systems.
P
parent hierarchy: Refers to the entire group hierarchy above a specific group within the group hierarchy.
Platform components: The essential components needed for Ivanti Endpoint Security operation. These components include the Ivanti Endpoint Security Web console, the Ivanti Endpoint Security database, and the Ivanti Installation Manager.
policy server: In a network designed with protections against unauthorized admission, it is where the rules and policies are stored that are the standards by which admission decisions are made. Rules can then be enforced by routers or some other form of firewall protection.
port number: The port number is carried in internet transport protocols to identify which service or program is to receive an incoming packet. Certain port numbers are permanently assigned to particular protocols by the IANA. For example, e-mail uses port 25 and Web services use port 80.
proxy server: In an enterprise that uses one of the Internet protocols, a proxy server is a server that acts as an intermediary between a client and an Internet server. The proxy server allows an enterprise to ensure security and administrative control.
Q
Q-chain (QChain.exe): The utility Microsoft provides to chain hotfixes on Microsoft Windows NT, 2000, 2003, 2008, XP, or Vista.
R
Reflective Memory Injection: A technique for executing external code within an authorized process, bypassing an endpoint’s whitelist enforcement mechanism. This is sometimes (though not always) the result of a malware attack.
Refresh Inventory Data (RID): Prevents certain log files from getting too large. RID is handled differently on the various platforms; some delete the files when they reach a certain size, while others will trim the file, leaving the most recent data but shrinking the file size.
registry: The registry serves as a central data repository for system and application-specific configuration data on a Windows machine. A registry contains keys, which are like directories in a Windows file system. Each key can contain values (the registry equivalent of a data file) or nested subkeys (the registry equivalent of a nested folder).
Just as with files or folders, you can identify a registry key by building a full path to it.
replication: The process whereby the Ivanti Endpoint Security server receives daily scheduled updates of patches from the GSS. The scheduled replication time of day can be manually overridden daily by clicking Update Now.
report: Records that document activity and information pertaining to your network environment. Within the Ivanti Endpoint Security server, you can generate reports for virtually every function that the server and agent perform: endpoint inventory, the results of discovery scan jobs, the status of a deployment, and so on.
Reverse Address Resolution Protocol (RARP): Literally, the reverse of Address Resolution Protocol, RARP resolves an IP address from a given hardware, or MAC address.
rules: Statements of conditions that must be met or parameters that will determine an action to be taken. Rules can be positive or negative, but usually are stated simply and clearly such as “if member of group ADMIN, run superuser.bat.”
S
Secure File Transfer Protocol (SFTP): A secure version of FTP, SFTP is designed to provide some encryption capabilities for file transfer over a network. Functionally similar to FTP, SFTP instead uses SSH to transfer files, so it cannot be used with a standard FTP client.
Secure Sockets Layer (SSL): A security protocol that provides data encryption, message integrity, and client/server authentication for the transmission of private information and documents over the internet. SSL is available with either 40-bit or 128-bit encryption. However, 40-bit has been compromised in recent years, making 128-bit the lowest level anyone should go for secure encryption.
server: A server is a computer or software application that provides data to client computers or software applications. A single computer running multiple software applications can simultaneously perform the function of multiple servers, multiple clients, or any combination thereof.
source group: Groups that automatically assign managed endpoints to associated custom groups.
SQL Server: A trademark for a Microsoft database server that uses SQL. SQL Server is a popular database management system for Windows NT environments.
structured query language (SQL): A database language used by administrators of relational databases to query, update, and manage data. It enables the administrator to use clear syntax that is descriptive of whatever action is wanted.
SSL Certificate: An electronic certificate consisting of a set of keys, one public, one private, exchanged between a Web server and a requesting client. A session is created, and a unique session key ensures a high level of encryption of any sensitive data passed between the client and server, preventing interception or unauthorized use of that data by any other entity.
T
TCP/IP (Transmission Control Protocol/Internet Protocol): The main suite of communications protocols used to connect hosts on the Internet, and now the prevalent LAN protocol even when other protocols are available.
transaction log: A Web server file that records a history of actions such as data changes. This log is used to roll the Web server back to a stable condition should the database be found in an inconsistent state.
trust: In domains, a trust relationship will allow members of one domain, when properly logged in and authenticated, to access services available on another domain.
U
URL (Universal Resource Locator): The address that is the formal access name for a network or Internet resource. It usually begins with the protocol identifier, such as http or ftp. Thus, https://www.yahoo.com is a URL for the domain yahoo.com.
user: A profile used to access the Ivanti Endpoint Security server. These profiles include credentials (a user name and password) and an assigned role that determines the user's access rights within the system.
User Datagram Protocol (UDP): A communications protocol that offers a limited amount of service when messages are exchanged between computers in a network that uses Internet Protocol. It is one of the most common connection based protocols in use on the internet, the other being TCP.
user name: The unique name used to gain access to a computer and/or network. User names and passwords are required in multi-user systems.
V
VeriSign certificate: A VeriSign certificate is issued by VeriSign, Inc. to verify a company’s identity and enables the company to digitally sign programs and prove the authenticity of a Web site address.
W - Z
Web server: A program that publishes content using the HTTP protocol so that it can be viewed using any type of compliant browser from any location on the connected Intranet or Internet.
widget: A graph or chart displayed on the Ivanti Endpoint Security Home page that depicts Ivanti Endpoint Security and Ivanti Endpoint Security module activities.
World Wide Web (WWW): A commonly used name for the Internet, the WWW is a Web of connected Domains of local computers, which can share information with authorized users who connect from anywhere else on the Web. Due to the exponential growth in recent years, a good way to check on current standards is to visit the World Wide Web Consortium.
XML (extensible markup language): A flexible way to create common information formats and share both the format and the data on the World Wide Web, Intranets, and elsewhere.